package com.sso.filter;

import com.alibaba.fastjson.JSONObject;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class MyTokenFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
            String uri = request.getRequestURI();
            if ("/oauth/token".equals(uri) || "/oauth/login".equals(uri) || "/resource/**".equals(uri)) {
                filterChain.doFilter(request, response);
            } else {
                boolean access_token = false;
                boolean authorization = false;
                if (request.getParameter("access_token") == null) {
                    access_token = true;
                }
                if (request.getHeader("Authorization") == null) {
                    authorization = true;
                } else {
                    if (!request.getHeader("Authorization").startsWith("Bearer")) {
                        authorization = true;
                    }
                }
                if (access_token && authorization) {
                    response.setContentType("application/json;charset=UTF-8");
                    response.getWriter().write(JSONObject.toJSONString(R.error(401, "未获得凭证！")));
                } else {
                    filterChain.doFilter(request, response);
                }
            }
    }
}
